SALSA-NetAuth - FWNA Working Group conference call
September 7, 2006

*Attendees*
Kevin Miller, Duke U. (co-chair)
Philippe Hanset, U. Tennessee (co-chair)
Mike Coffey, U. Tennessee
Chris Misra, U. Massachusetts
Walt Reynolds, U. Michigan
Roy Hockett, U. Michigan
John Vollbrecht, Merit
Rich Cropp, Penn State U.
Mark Linton, Penn State U.
Renee Frost, Internet2
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)

New *Action Items*
[AI] {John} will send his questions regarding the Internet2 Intellectual Property Framework to the list.
[AI] {John} will put together a summary for a proposed session at the upcoming Internet2 Member Meeting and send it to {Chris and Steven Carmody}.
[AI] {John} will share a paper on combining RADIUS and SAML capabilities with the list in advance of the next working group call.
[AI] {Chris} will invite {Steven Carmody} to a call regarding aspects of middleware for possible integration with FWNA work.

Carry-over *Action Items*
[AI] {Kevin} will initiate the documentation of additional requirements for a relay/proxy server. (24-Aug-06)
[AI] {Philippe, Mike and John} will create a summary of the path that a request makes, for the sake of troubleshooting. (24-Aug-06)
[AI] {Kevin} will connect the local RADIUS administration folks at Duke to the FWNA-Ops list. (23-Feb-06)

*Discussion*
The Fall Internet2 Member Meeting in Chicago, December 4-7, is coming up, with the deadline for the Call for Participation on September 29; read more at: <http://events.internet2.edu/2006/fall-mm/calls.cfm>. The SALSA-NetAuth / FWNA WGs plan to hold a BoF at 7:30am on Tuesday morning. Aside from a session on 802.1x, John suggested a topic on the extension of RADIUS to incorporate SAML attributes. [AI] {John} will share a paper on combining RADIUS and SAML capabilities with the list in advance of the next working group call. [AI] {John} will put together a summary for a proposed session at the upcoming Internet2 Member Meeting and send it to {Chris and Steven Carmody}.

{John} also raised a few questions regarding the wording of the Internet2 Intellectual Property Framework: <http://members.internet2.edu/intellectualproperty.html>. He wanted to clarify its meaning in the context of sharing new ideas on a working group call, who holds the rights to these ideas, and furthermore, which steps must be taken to initiate the process of assigning a person to formally hold the copyrights or patents. Discussion will continue as necessary or offline. [AI] {John} will send his questions regarding the Internet2 Intellectual Property Framework to the list.

{Mark and Philippe} both contributed to the general problem statement for FWNA moving forward, in the wiki: <https://wiki.internet2.edu/confluence/display/FWNAWG/Problem+statement+to+address+moving+forward+with+FWNA>. The group continued discussion on how and when to use unique inner or outer usernames for authentication. They also discussed additional blocking mechanisms beyond the use of 802.1x. {Mark} pointed out that a high level of privacy or anonymity should be maintained for the general user; however, in the event of someone committing a crime, blocking of this user is no longer concerned with keeping their privacy, but perhaps the opposite. It is in this situation that you would want to have a way to reveal the identity of this individual, so that you would not have to block and punish an entire domain. {Chris} summarized it by saying that a long-term opaque identifier, containing information somewhere, is desired, giving way to session consistency. This leads directly to topics already explored and best handled by middleware. [AI] {Chris} will invite {Steven Carmody} to a call regarding aspects of middleware for possible integration with FWNA work.

{Kevin} suggested creating a document that gives an example of what each hop of a request is. For example, when you log in, show a record of the home server talking to the proxy, which passes an EAP message and proceeds to the next level. This information would be useful to the middleware folks in explaining what is happening on the network side. [AI] {Philippe, Mike and John} will create a summary of the path that a request makes, for the sake of troubleshooting. (24-Aug-06)

{Chris} said that it would be worthwhile to gather current practices for handling guest access. This would also identify those campuses that have not yet begun to address this class of user and why. These can then be compared to FWNA, helping to give it shape in the context of how campuses are currently struggling.

The next SALSA-NetAuth - FWNA WG call will be held on Thursday, September 21 at 11am EDT.